Microsoft Pronounces No Extra Passwords

Tech giant Microsoft made passwordless accounts available to business users of its products in March. The system is now available to all Microsoft or Windows users. The feature allows you to go without a password; all you need is the authentication app.

According to Microsoft, “almost 100% of our employees” are already using the new, more secure system for their company accounts. When passwordless sign-in is enabled, users who sign in to a Microsoft account again will be prompted to provide their fingerprint or other secure unlock on their mobile phone.

This is far more secure than using passwords that can be guessed or stolen, according to Microsoft. “Only you can provide fingerprint authentication or provide the right answer on your phone at the right time,” it says. Windows users can still use quick sign-in features like a PIN code.

Some exceptions still require passwords, such as Office 2010, Xbox 360 consoles, and Windows 8.1 or earlier computers. If access to the Authenticator app is lost (for example, if the phone it is installed on is lost or stolen, or a user forgets to upgrade), backup options can be used, including: Windows Hello facial recognition, which requires a compatible laptop or dedicated camera; a physical security key that must be used on the logging-in device; and Short Message Service (SMS) or email codes.

However, SMS and email are two of the most common channels for cyber criminals targeting specific people.

And Microsoft says security-conscious users who have two-factor authentication in place must have access to two different recovery methods.

Microsoft discusses the reasons for the new system in a number of blog posts.

Vasu Jakkal, vice president of security, wrote, “Passwords are incredibly impractical for creating, remembering, and managing all of the accounts in our lives. We are expected to create complex and unique passwords, remember them and change them frequently – but nobody likes that.”

People tended to create insecure passwords that technically met the requirements for symbols, numbers, or upper/lower case letters, but in order to remember them, they used a repeated formula or the same password on multiple websites. “Hackers don’t break in, they log in,” the blog post says. The new passwordless feature greets users with a box that says, “A passwordless account reduces the risk of phishing and password attacks.” And once the feature is set up, a confirmation tells users, “You’ve made your account more secure and improved your sign-in experience by removing your password”.